CVE-2024-28868
Umbraco is an ASP.NET content management system. Umbraco 10 prior to 10.8.4 with access to the native login screen is vulnerable to a possible user enumeration attack. This issue was fixed in version 10.8.5. As a workaround, one may disable the native login screen by exclusively using external...
CVE-2024-28868 Umbraco possible user enumeration vulnerability
Umbraco is an ASP.NET content management system. Umbraco 10 prior to 10.8.4 with access to the native login screen is vulnerable to a possible user enumeration attack. This issue was fixed in version 10.8.5. As a workaround, one may disable the native login screen by exclusively using external...
GHSA-552F-97WF-PMPQ Umbraco possible user enumeration
Impact: A user enumeration attack is possible. Affected versions: Umbraco 10 with access to the native login screen. Patches: This is fixed in 10.8.5. Workarounds: Disabling the native login screen by exclusively using external logins...
Hello, Java 22!
update I've since published a Spring Tips video on this very topic! If you'd prefer, you could watch that instead. Hi, Spring fans! Happy Java 22 release day, to those who celebrate! Did you get the bits already? Go, go, go! Java 22 is a significant improvement that I think is a worthy upgrade fo...
IBM CICS TX Standard and Advanced suffers from a cryptographic problem vulnerability (CNVD-2024-15366)
IBM CICS TX Standard and Advanced is a comprehensive, single transaction runtime package from International Business Machines (IBM), Inc. It can provide a cloud-native deployment model for standalone applications. IBM CICS TX Standard and Advanced has a cryptographic issue vulnerability that stems...
Malicious code in eng-intern-assessment-react-native (npm)
Source: ghsa-malware 89b4034292e246b7a29d48d5132016c2ae8beb78c0b6a0794d515aa811e5cc59 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-1118 Malicious code in eng-intern-assessment-react-native (npm)
Source: ghsa-malware 89b4034292e246b7a29d48d5132016c2ae8beb78c0b6a0794d515aa811e5cc59 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2024-28250
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Starting in version 1.14.0 and prior to versions 1.14.8 and 1.15.2, in Cilium clusters with WireGuard enabled and traffic matching Layer 7 policies, WireGuard-eligible traffic that is sent between a node's...
CVE-2024-28250 Cilium has possible unencrypted traffic between nodes when using WireGuard and L7 policies
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Starting in version 1.14.0 and prior to versions 1.14.8 and 1.15.2, in Cilium clusters with WireGuard enabled and traffic matching Layer 7 policies, WireGuard-eligible traffic that is sent between a node's...
GHSA-V6Q2-4QR3-5CW6 Unencrypted traffic between nodes when using WireGuard and L7 policies
Impact: In Cilium clusters with WireGuard enabled and traffic matching Layer 7 policies: - Traffic that should be WireGuard-encrypted is sent unencrypted between a node's Envoy proxy and pods on other nodes. - Traffic that should be WireGuard-encrypted is sent unencrypted between a node's DNS prox...
PT-2024-22366 · Cilium · Cilium
Name of the Vulnerable Software and Affected Versions: Cilium versions 1.14.0 through 1.14.7; Cilium versions 1.15.0 through 1.15.1; Cilium version 1.14.4 with encryption.wireguard.encapsulate set to false in tunneling mode. Description: In Cilium clusters with WireGuard enabled and traffic matching...
Important: Red Hat Security Advisory: Red Hat OpenShift GitOps security update
An update is now available for Red Hat OpenShift GitOps 1.11. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...
SUSE-SU-2024:0899-1 Security update for gdb
This update for gdb fixes the following issues: - Drop libdebuginfod1 BuildRequires/Recommends. The former isn't needed because there's a build requirement on libdebuginfod-devel already, which will pull the shared library. And the latter, because it's bogus since RPM auto generated dependency wi...
A patched Windows attack surface is still exploitable
On August 8, 2023, Microsoft finally released a kernel patch for a class of vulnerabilities affecting Microsoft Windows since 2015. The vulnerabilities lead to elevation of privilege (EoP), which allows an account with user rights to gain SYSTEM privileges on a vulnerable host. The root cause of th...
Quarkus Information Disclosure Vulnerability
Quarkus is a cloud-native Linux container-first framework for writing Java applications. An information disclosure vulnerability exists in Quarkus that stems from the presence of an information disclosure vulnerability...
Fedora: Security Advisory for tomcat-native (FEDORA-2024-129d8ca6fc)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora: Security Advisory for jansi-native (FEDORA-2024-129d8ca6fc)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora: Security Advisory for nekohtml (FEDORA-2024-129d8ca6fc)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora: Security Advisory for maven-native (FEDORA-2024-129d8ca6fc)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] Fedora 40 Update: tomcat-native-1.2.36-4.fc40
Tomcat can use the Apache Portable Runtime to provide superior scalability, performance, and better integration with native server technologies. The Apache Portable Runtime is a highly portable library that is at the heart of Apache HTTP Server 2.x. APR has many uses, including access to advanced...